Loading packages/StatementService/src/com/android/statementservice/retriever/AbstractAsset.java +6 −0 Original line number Diff line number Diff line Loading @@ -63,4 +63,10 @@ public abstract class AbstractAsset { throws AssociationServiceException { return AssetFactory.create(assetJson); } /** * If this is the source asset of a statement file, should the retriever follow * any insecure (non-HTTPS) include statements made by the asset. */ public abstract boolean followInsecureInclude(); } packages/StatementService/src/com/android/statementservice/retriever/AndroidAppAsset.java +6 −0 Original line number Diff line number Diff line Loading @@ -99,6 +99,12 @@ import java.util.Locale; return getPackageName().hashCode(); } @Override public boolean followInsecureInclude() { // Non-HTTPS includes are not allowed in Android App assets. return false; } /** * Checks that the input is a valid Android app asset. * Loading packages/StatementService/src/com/android/statementservice/retriever/DirectStatementRetriever.java +8 −2 Original line number Diff line number Diff line Loading @@ -136,7 +136,8 @@ import java.util.List; } } private Result retrieveStatementFromUrl(String url, int maxIncludeLevel, AbstractAsset source) private Result retrieveStatementFromUrl(String urlString, int maxIncludeLevel, AbstractAsset source) throws AssociationServiceException { List<Statement> statements = new ArrayList<Statement>(); if (maxIncludeLevel < 0) { Loading @@ -145,7 +146,12 @@ import java.util.List; WebContent webContent; try { webContent = mUrlFetcher.getWebContentFromUrl(new URL(url), URL url = new URL(urlString); if (!source.followInsecureInclude() && !url.getProtocol().toLowerCase().equals("https")) { return Result.create(statements, DO_NOT_CACHE_RESULT); } webContent = mUrlFetcher.getWebContentFromUrl(url, HTTP_CONTENT_SIZE_LIMIT_IN_BYTES, HTTP_CONNECTION_TIMEOUT_MILLIS); } catch (IOException e) { return Result.create(statements, DO_NOT_CACHE_RESULT); Loading packages/StatementService/src/com/android/statementservice/retriever/URLFetcher.java +11 −2 Original line number Diff line number Diff line Loading @@ -16,6 +16,8 @@ package com.android.statementservice.retriever; import android.util.Log; import com.android.volley.Cache; import com.android.volley.NetworkResponse; import com.android.volley.toolbox.HttpHeaderParser; Loading @@ -39,6 +41,7 @@ import java.util.Map; * @hide */ public class URLFetcher { private static final String TAG = URLFetcher.class.getSimpleName(); private static final long DO_NOT_CACHE_RESULT = 0L; private static final int INPUT_BUFFER_SIZE_IN_BYTES = 1024; Loading @@ -63,11 +66,17 @@ public class URLFetcher { connection.setConnectTimeout(connectionTimeoutMillis); connection.setReadTimeout(connectionTimeoutMillis); connection.setUseCaches(true); connection.setInstanceFollowRedirects(false); connection.addRequestProperty("Cache-Control", "max-stale=60"); if (connection.getResponseCode() != HttpURLConnection.HTTP_OK) { Log.e(TAG, "The responses code is not 200 but " + connection.getResponseCode()); return new WebContent("", DO_NOT_CACHE_RESULT); } if (connection.getContentLength() > fileSizeLimit) { throw new AssociationServiceException("The content size of the url is larger than " + fileSizeLimit); Log.e(TAG, "The content size of the url is larger than " + fileSizeLimit); return new WebContent("", DO_NOT_CACHE_RESULT); } Long expireTimeMillis = getExpirationTimeMillisFromHTTPHeader(connection.getHeaderFields()); Loading packages/StatementService/src/com/android/statementservice/retriever/Utils.java +1 −1 Original line number Diff line number Diff line Loading @@ -61,7 +61,7 @@ public final class Utils { */ public static final String ASSET_DESCRIPTOR_FIELD_RELATION = "relation"; public static final String ASSET_DESCRIPTOR_FIELD_TARGET = "target"; public static final String DELEGATE_FIELD_DELEGATE = "delegate"; public static final String DELEGATE_FIELD_DELEGATE = "include"; private static final char[] HEX_DIGITS = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; Loading Loading
packages/StatementService/src/com/android/statementservice/retriever/AbstractAsset.java +6 −0 Original line number Diff line number Diff line Loading @@ -63,4 +63,10 @@ public abstract class AbstractAsset { throws AssociationServiceException { return AssetFactory.create(assetJson); } /** * If this is the source asset of a statement file, should the retriever follow * any insecure (non-HTTPS) include statements made by the asset. */ public abstract boolean followInsecureInclude(); }
packages/StatementService/src/com/android/statementservice/retriever/AndroidAppAsset.java +6 −0 Original line number Diff line number Diff line Loading @@ -99,6 +99,12 @@ import java.util.Locale; return getPackageName().hashCode(); } @Override public boolean followInsecureInclude() { // Non-HTTPS includes are not allowed in Android App assets. return false; } /** * Checks that the input is a valid Android app asset. * Loading
packages/StatementService/src/com/android/statementservice/retriever/DirectStatementRetriever.java +8 −2 Original line number Diff line number Diff line Loading @@ -136,7 +136,8 @@ import java.util.List; } } private Result retrieveStatementFromUrl(String url, int maxIncludeLevel, AbstractAsset source) private Result retrieveStatementFromUrl(String urlString, int maxIncludeLevel, AbstractAsset source) throws AssociationServiceException { List<Statement> statements = new ArrayList<Statement>(); if (maxIncludeLevel < 0) { Loading @@ -145,7 +146,12 @@ import java.util.List; WebContent webContent; try { webContent = mUrlFetcher.getWebContentFromUrl(new URL(url), URL url = new URL(urlString); if (!source.followInsecureInclude() && !url.getProtocol().toLowerCase().equals("https")) { return Result.create(statements, DO_NOT_CACHE_RESULT); } webContent = mUrlFetcher.getWebContentFromUrl(url, HTTP_CONTENT_SIZE_LIMIT_IN_BYTES, HTTP_CONNECTION_TIMEOUT_MILLIS); } catch (IOException e) { return Result.create(statements, DO_NOT_CACHE_RESULT); Loading
packages/StatementService/src/com/android/statementservice/retriever/URLFetcher.java +11 −2 Original line number Diff line number Diff line Loading @@ -16,6 +16,8 @@ package com.android.statementservice.retriever; import android.util.Log; import com.android.volley.Cache; import com.android.volley.NetworkResponse; import com.android.volley.toolbox.HttpHeaderParser; Loading @@ -39,6 +41,7 @@ import java.util.Map; * @hide */ public class URLFetcher { private static final String TAG = URLFetcher.class.getSimpleName(); private static final long DO_NOT_CACHE_RESULT = 0L; private static final int INPUT_BUFFER_SIZE_IN_BYTES = 1024; Loading @@ -63,11 +66,17 @@ public class URLFetcher { connection.setConnectTimeout(connectionTimeoutMillis); connection.setReadTimeout(connectionTimeoutMillis); connection.setUseCaches(true); connection.setInstanceFollowRedirects(false); connection.addRequestProperty("Cache-Control", "max-stale=60"); if (connection.getResponseCode() != HttpURLConnection.HTTP_OK) { Log.e(TAG, "The responses code is not 200 but " + connection.getResponseCode()); return new WebContent("", DO_NOT_CACHE_RESULT); } if (connection.getContentLength() > fileSizeLimit) { throw new AssociationServiceException("The content size of the url is larger than " + fileSizeLimit); Log.e(TAG, "The content size of the url is larger than " + fileSizeLimit); return new WebContent("", DO_NOT_CACHE_RESULT); } Long expireTimeMillis = getExpirationTimeMillisFromHTTPHeader(connection.getHeaderFields()); Loading
packages/StatementService/src/com/android/statementservice/retriever/Utils.java +1 −1 Original line number Diff line number Diff line Loading @@ -61,7 +61,7 @@ public final class Utils { */ public static final String ASSET_DESCRIPTOR_FIELD_RELATION = "relation"; public static final String ASSET_DESCRIPTOR_FIELD_TARGET = "target"; public static final String DELEGATE_FIELD_DELEGATE = "delegate"; public static final String DELEGATE_FIELD_DELEGATE = "include"; private static final char[] HEX_DIGITS = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; Loading
